Users login

Create an account »


Users login

Home » Hacking News » OpenSSH Security Advisory (adv.token)

OpenSSH Security Advisory (adv.token)

by Nikola Strahija on April 22nd, 2002 A buffer overflow exists in OpenSSH's sshd if sshd has been compiled with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled by default.

1. Systems affected:

All Versions of OpenSSH compiled with AFS/Kerberos support
and ticket/token passing enabled contain a buffer overflow.

Ticket/Token passing is disabled by default and available
only in protocol version 1.

2. Impact:

Remote users may gain privileged access for OpenSSH

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »